PlayStation Network Sign-in is down again due to new security loophole

Summary:PSN Sign-in is offline due to new security hole that can reset passwords using just the date of birth and email address -- information that was stolen in the first attack.

After restarting the PlayStation Network around the world this past weekend and promising tougher security for customers' data, the PSN Sign-in is once again offline as Sony is working to patch a new security hole.

According to Nyleveia.com, the new loophole can reset passwords using just the user's date of birth and email address -- information that was stolen in the first attack. This means even if the user has logged in after the restart to create a new login, that login may already be useless due to this new vulnerability.

Nyleveia's unnamed source demoed this breach to the staff to prove that it is a real threat, and Eurogamer has also seen video evidence that corroborates with Nylevia's claims. Nyleveia has also passed what it discovered to Sony Computer Entertainment Europe. Since then, a number of sites have become inaccessible for login including:

  • PlayStation.com
  • PlayStation forums
  • all PlayStation game titles
  • PlayStation Blog
  • Qriocity.com
  • Music Unlimited via the web client
  • site where users are directed to to reset their passwords

In a brief statement confirming that the PSN has been taken offline, Sony said, “Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being. This is due to essential maintenance and at present it is unclear how long this will take."

Sony also reiterated that only the login site is down and not the entire PSN in a tweet, "Clarification: this maintenance doesn't affect PSN on consoles, only the website you click through to from the password change email."

That said, "[users] will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information,” according to Sony.

Is there anything a PSN customer can do to better protect their own data? Nyleveia is recommending that all users create a dedicated email account to link only to their PSN account so if any personal information is ever stolen, it would only affect their ability to log into the PSN. You can refer to the FAQ for further details.

[Source: Nyleveia via MCVEngadget, Eurogamer, Kotaku]

Additional ZDNet coverage:

Topics: Networking, Hardware, Mobility

About

Gloria Sin is a New York-based freelance journalist who writes about the tech toys that you can't live without for ZDNet. She has little patience for poorly designed user experiences, and is not afraid of opening the guts of her own machines for repair or hacking her gadgets for new uses.She has written for FastCompany.com, Popular Scienc... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.